Re: RFC 8305 Happy Eyeballs in OpenSSH

>>> TL;DR: please try the patch out and report if it causes "Did not receive
>>> identification string" log messages.  I believe it does not.

Aw crap.  My homegrown anti-DoS tool for ssh looks for either DNRIS or,
if logging is verbose enough, a connection that didn't result in a
login.  I give the attacker a few tries and whitelist any successful
candidate so I should be ok, but things are getting a bit riskier.

I'm a big fan of happy eyeballs in general so I hope there is some way
to allow happy eyeballs and still stop bots from repeatedly knocking on
the door wasting CPU time.  Simplest would be to never abort the extra
happy eyeballs before actually logging in or the normal ssh connection
timeout.  There may be other ways to accomplish the same thing.

-wolfgang

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
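
The log check described in the message above, as an added example (not the poster's tool and not OpenSSH code): it counts "Did not receive identification string" lines per source address, allowlists any address with a successful login, and blocks the rest past a threshold. The log lines are constructed, the threshold of 3 is an assumption (the message only says "a few tries"), and the last two lines are a constructed case where an abandoned connection and the login arrive from different addresses, as could happen with a dual-stack client.

```python
import re
from collections import Counter

# Constructed sshd log lines using documentation addresses; not from a real host.
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[101]: Did not receive identification string from 203.0.113.5 port 40001
Jan 10 10:00:02 host sshd[102]: Did not receive identification string from 203.0.113.5 port 40002
Jan 10 10:00:03 host sshd[103]: Did not receive identification string from 203.0.113.5 port 40003
Jan 10 10:00:04 host sshd[104]: Did not receive identification string from 203.0.113.5 port 40004
Jan 10 10:01:00 host sshd[110]: Did not receive identification string from 198.51.100.7 port 50001
Jan 10 10:01:01 host sshd[111]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
Jan 10 10:02:00 host sshd[120]: Did not receive identification string from 192.0.2.44 port 60001
Jan 10 10:02:00 host sshd[121]: Accepted publickey for bob from 2001:db8::44 port 60002 ssh2
"""

DNRIS = re.compile(r"Did not receive identification string from (\S+)")
ACCEPTED = re.compile(r"Accepted \S+ for \S+ from (\S+)")

MAX_TRIES = 3  # assumed threshold; the message only says "a few tries"


def classify(log_text, max_tries=MAX_TRIES):
    """Return (allowlist, blocklist, strikes), all keyed by source address."""
    strikes = Counter()
    allowlist = set()
    for line in log_text.splitlines():
        if (m := ACCEPTED.search(line)):
            allowlist.add(m.group(1))        # a successful login allowlists the address
        elif (m := DNRIS.search(line)):
            strikes[m.group(1)] += 1         # one strike per DNRIS line
    # Block addresses over the threshold unless a login from them succeeded.
    blocklist = {ip for ip, n in strikes.items()
                 if n > max_tries and ip not in allowlist}
    return allowlist, blocklist, strikes


if __name__ == "__main__":
    allow, block, strikes = classify(SAMPLE_LOG)
    print("allowlist:", sorted(allow))
    print("blocklist:", sorted(block))
    # Addresses still accumulating strikes with no login seen from them.
    print("pending:  ", {ip: n for ip, n in strikes.items()
                         if ip not in allow and ip not in block})
```

In the constructed sample, 192.0.2.44 keeps its strike even though the same client logged in from 2001:db8::44, because the allowlist is keyed by source address.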


